Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Unresolved
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: Security
Labels:
None

Assigned Teams:

Server Security
Operating System:
ALL
Sprint:
Security 2021-11-15, Security 2021-11-29
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

When a Master key is rotated by the MongoDB Enterprise using the command

mongod --enableEncryption --kmipRotateMasterKey \
 --kmipServerName <KMIP Server HostName> \
 --kmipServerCAFile ca.pem --kmipClientCertificateFile client.pem

the KMIP Client in it does not deactivate the master key which it was using prior to the rotation and the old key is left as a stale entry in the server.

Also, please confirm if it has to be removed ideally or whether its retained for any specific reason.

Added content from ~~SERVER-53055~~:

only two KMIP operations listed below are performed by the KMIP Client in MongoDB Enterprise.

Create
Get

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

Screenshot from 2020-11-30 20-30-02.png
109 kB
Nov 30 2020 03:01:13 PM UTC

Assignee:: [DO NOT USE] Backlog - Security Team
Reporter:: Sreekarthik Ramalingam
Participants:: [DO NOT USE] Backlog - Security Team, Eric Sedor, Sara Williamson, Sreekarthik Ramalingam
Votes:: 0 Vote for this issue
Watchers:: 8 Start watching this issue

Created:: Nov 24 2020 12:24:46 PM UTC
Updated:: Dec 06 2022 01:43:22 AM UTC

Details

Description

Attachments

Attachments

Forms

Activity

People

Dates